The environment variables

All the unix binaries run as per the locations / directory structure mentioned in the PATH environment variable(from left to right). However, if we create our own file with the same name and append the file’s local path to this variable then we can make the shell execute our program instead of the intended one !

Let’s try to understand with example,

I am logged in as sheetal user and create a c file in the /usr/bin directory

Compile it and try to run from another directory as kali user.

Now login as another user and create a file with the same name in the user’s home directory.

If we run this file from the user’s home directory, still the file existing in /usr/bin directory is executed.

This happens because there is something called PATH environment variable which controls the executable that will run upon execution.

The PATH variable is an environment variable that contains an ordered list of paths that Linux will search for executables when running a command.

So, when we execute a program, the shell will check for the paths mentioned in the PATH variable. These are separated by : .

If we modify this path and append user’s directory to it then the file placed by us at that location will run.

If an absolute path is specified before the filename, then file residing at that path is run.

This behaviour is useful to test certain types of privilage esalations.